
Files Date: 2021-06-30 to 2021-06-30

Red Hat Security Advisory 2021-2575-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2575-01 - The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits on multicore systems. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-3520
MD5 | 77b7b9e51356ba925bcc7e9adc02534f
Red Hat Security Advisory 2021-2566-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2566-01 - The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779, CVE-2021-20225, CVE-2021-20233
MD5 | f09cd40b40dc9d447e7bcf3021560894
Global Socket 1.4.32
Posted Jun 30, 2021
Authored by thc | Site thc.org

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

Changes: Protocol upgrade to 1.3 that breaks backwards compatibility. New Key Derivation Method and fixed gs secret length. Added verbosity switches. Auto-reconnect for server added when DNS fails; it keeps retrying until success. Downgraded automake requirements to 2.69. deploy.sh support for Raspberry Pi 4b+ (armv7l) added. Debian HURD support added. Various other updates.
tags | tool, tcp
systems | unix
MD5 | 1ac0911273bf892c3d9e6daed8ac183b
Faraday 3.16.0
Posted Jun 30, 2021
Authored by Francisco Amato | Site github.com

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.

Changes: Two breaking changes: API V2 is discontinued and the minimum version of Python is changed to 3.7. 3 additions, 2 modifications, and 5 bug fixes.
tags | tool, rootkit
systems | unix
MD5 | 7a0af972daebfeaa6f4a131e02f2f29b
Red Hat Security Advisory 2021-2569-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2569-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Issues addressed include buffer overflow, bypass, null pointer, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541
MD5 | 378b5d9e1ca92db4590846e447ac9617
KVM nested_svm_vmrun Double Fetch
Posted Jun 30, 2021
Authored by Google Security Research, Felix Wilhelm

A KVM guest on AMD can launch an L2 guest without the Intercept VMRUN control bit by exploiting a TOCTOU vulnerability in nested_svm_vmrun. Executing vmrun from the L2 guest will then trigger a second call to nested_svm_vmrun and corrupt svm->nested.hsave with data copied out of the L2 vmcb. For kernel versions that include the commit "2fcf4876: KVM: nSVM: implement on demand allocation of the nested state" (>=5.10), the guest can free the MSR permission bit in svm->nested.msrpm while it's still in use and gain unrestricted access to host MSRs.

tags | exploit, kernel
advisories | CVE-2021-29657
MD5 | 814987fd3e7902c83f77c7f4aa4a3585
Red Hat Security Advisory 2021-2574-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2574-01 - The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-20271
MD5 | 1da631d27e22811e7c1ce993385ef2c9
Apache Superset 1.1.0 Account Enumeration
Posted Jun 30, 2021
Authored by Dolev Farhi

Apache Superset version 1.1.0 suffers from a time-based account enumeration vulnerability.

tags | exploit
MD5 | 79699f800c9b8c66297545ad1eaae6cc
Red Hat Security Advisory 2021-2570-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2570-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.

tags | advisory, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-26541, CVE-2021-33034
MD5 | ff550194b07f6c2567a30d8dbd0834df
Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation
Posted Jun 30, 2021
Authored by Florian Bogner | Site bogner.sh

Securepoint SSL VPN Client version 2.0.30 suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2021-35523
MD5 | 208329c265e24386a862dffeddea96d3
Red Hat Security Advisory 2021-2595-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2595-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a null pointer vulnerability.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-3514
MD5 | 8e0d22db0763d67145e409f2cac5f809
Red Hat Security Advisory 2021-2588-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2588-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information leakage, and insecure permissions vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2019-3881, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2021-28965
MD5 | 5e2ccb178bd169ed159018b837c3de7e
Red Hat Security Advisory 2021-2587-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2587-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and information leakage vulnerabilities.

tags | advisory, web, denial of service, vulnerability, ruby
systems | linux, redhat
advisories | CVE-2019-15845, CVE-2019-16201, CVE-2019-16254, CVE-2019-16255, CVE-2020-10663, CVE-2020-10933, CVE-2020-25613, CVE-2021-28965
MD5 | f7f53cfd560c5f1f80128f765f02ec85
Doctors Patients Management System 1.0 SQL Injection
Posted Jun 30, 2021
Authored by Murat Demirci

Doctors Patients Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

tags | exploit, remote, sql injection
MD5 | fb9af03a5ee38e11615bb8c1c7a35654
Red Hat Security Advisory 2021-2591-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2591-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a heap corruption vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-28211
MD5 | 2beaac24d5e1beafb3aad37304d84370
Red Hat Security Advisory 2021-2584-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2584-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include an HTTP request smuggling vulnerability.

tags | advisory, web, ruby
systems | linux, redhat
advisories | CVE-2020-25613, CVE-2021-28965
MD5 | e227ce7bf6024cc963dce63d37b9c5fd
Red Hat Security Advisory 2021-2583-01
Posted Jun 30, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2583-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2020-14343
MD5 | 2beeca5443edac829ce1ae431a4c1484
phpAbook 0.9i SQL Injection
Posted Jun 30, 2021
Authored by Alejandro Perez, Said Cortes

phpAbook version 0.9i suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | ceadee176206060327e5cc0ef90f1775

© 2020 Packet Storm. All rights reserved.
